- From: Dave Kristol <dmk@research.bell-labs.com>
- Date: Mon, 13 Apr 1998 16:07:13 -0400 (EDT)
- To: http-wg@cuckoo.hpl.hp.com
(It's gotten so I have to date them! :-)
3.2.2 The Authorization Request Header
response = "response" "=" request-digest
Later there's this text:
The definition of request-digest above indicates the encoding for
its value. The following definitions show how the value is
computed.
Unfortunately, there *is* no "definition ... above". The non-terminal
request-digest has no syntactic definition. I suspect it should be
request-digest = <"> *LHEX <">
3.2.3 The Authentication-Info Header
cnonce and qop are used in the calculation of response-digest. The
client is not required to send either cnonce= or auth=. So I assume
(correct?) that the null string is used for values for omitted
attributes in the calculation.
If (to use cnonce as the example) cnonce was omitted, should
Authentication-Info omit cnonce, or should it send cnonce=""? Same
question for auth.
Dave Kristol
Received on Monday, 13 April 1998 13:11:37 UTC